File CVE-2018-11410.patch of Package liblouis.8510

From ed6b00aea08005945c9ae8a4a4503acc43f3a844 Mon Sep 17 00:00:00 2001
From: Samuel Thibault <samuel.thibault@labri.fr>
Date: Fri, 25 May 2018 10:25:33 +0200
Subject: [PATCH] Fix a buffer overflow in table parsing

Fixes #573

Rebased by Mike Gorse <mgorse@suse.com>
---
diff -urp liblouis-3.3.0.orig/liblouis/pattern.c liblouis-3.3.0/liblouis/pattern.c
--- liblouis-3.3.0.orig/liblouis/pattern.c	2017-09-04 09:40:14.000000000 -0500
+++ liblouis-3.3.0/liblouis/pattern.c	2018-08-07 16:31:10.603913506 -0500
@@ -744,6 +744,8 @@ static int pattern_compile_expression(co
 		if(!pattern_compile_expression(input, input_max, input_crs, expr_data, expr_max, expr_crs, loop_cnts))
 			return 0;
 
+		if (*expr_crs + 3 >= expr_max) return 0;
+
 		EXPR_NXT(expr_sub) = *expr_crs;
 
 		/*   create end expression   */
@@ -756,7 +758,7 @@ static int pattern_compile_expression(co
 
 	case '+':
 
-		if(*expr_crs + 4 >= expr_max)
+		if(*expr_crs + 5 >= expr_max)
 			return 0;
 		EXPR_TYPE(*expr_crs) = PTN_ONE_MORE;
 		EXPR_DATA_1(*expr_crs) = (*loop_cnts)++;
@@ -765,7 +767,7 @@ static int pattern_compile_expression(co
 
 	case '*':
 
-		if(*expr_crs + 4 >= expr_max)
+		if(*expr_crs + 5 >= expr_max)
 			return 0;
 		EXPR_TYPE(*expr_crs) = PTN_ZERO_MORE;
 		EXPR_DATA_1(*expr_crs) = (*loop_cnts)++;
openSUSE Build Service is sponsored by